Method and device for prompting information about e-mail

ABSTRACT

The present invention discloses a method and a device for prompting information about an e-mail. The method comprises: extracting information from a currently opened e-mail; according to the extracted information, determining whether an unsafe webpage link is contained in content of the currently opened e-mail; and if yes, providing security prompting information to a user. By means of the present invention, security is ensured when a person uses an e-mail box.

FIELD OF THE INVENTION

The present invention relates to the field of computer technology,especially relates to a method and a device for prompting informationabout an e-mail.

BACKGROUND OF THE INVENTION

An e-mail box is an electronic information space for networkcommunication provided by the network electronic post office for networkclients. The e-mail box has the functions of storing andsending&receiving electronic information, and is an importanceinformation communication tool in internet. By means of the e-mail box,the user may send and receive e-mails anywhere and anytime, which makespeople's life to be greatly convenient.

The e-mail box service with the webpage as the interface is a commonmanner of e-mail box service, in this manner, one can enter the log-inpage of the e-mail box through a webpage browser, then fill in data suchas the user name and password etc. in the log-in form in the log-inpage, and then click a submission button such as “log-in” to accomplishlog-in of the e-mail box, thus the operations of sending&receiving,reading e-mails can be performed.

However, there may be some security risks in the process of using ane-mail box by people. For example, people often receive lottery e-mails,and are cheated when clicking the link in the e-mail, which results indamage of users' property or personal privacy; people are interested inreceiving a dating e-mail, but find that the computer becomes more andmore slowly after clicking the e-mail; people see the commodities in thee-mail very cheap and click them, as a result, many advertisements popup; if a link in an e-mail from a stranger is clicked, the home pagewill be changed inexplicably and even cannot be changed back; if a linkin a mass e-mail is clicked, many software programs will be installedand even cannot be uninstalled, and the like.

Therefore, how to ensure security of people in using an e-mail boxbecomes a problem that needs to be solved by the skilled person in theart urgently.

SUMMARY OF THE INVENTION

In view of the above problem, the present invention is proposed toprovide a method and a device for prompting information about an e-mailfor overcoming the above problems or at least partially solving ormitigating the above problems.

According to an aspect of the present invention, a method for promptinginformation about an e-mail is provided, comprising: extractinginformation from a currently opened e-mail;

according to the extracted information, determining whether an unsafewebpage link is contained in the content of the currently opened e-mail;

if yes, providing security prompting information to a user.

According to another aspect of the present invention, a device forprompting information about an e-mail is provided, comprising:

an information extracting unit configured to extract information from acurrently opened e-mail;

a determining unit configured to determine whether an unsafe webpagelink is contained in the content of the currently opened e-mailaccording to the extracted information;

a prompting unit configured to, if yes, provide security promptinginformation.

According to a further aspect of the present invention, a computerprogram comprising a computer readable code is provided, when thecomputer readable code runs on a server, the server is caused to performa method for prompting information about an e-mail according to any ofclaims 1 to 9.

According to yet another aspect of the present invention, a computerreadable medium is provided, in which a computer program is stored.

The beneficial effect of the present invention is:

By means of the present invention, some information can be extractedfrom an e-mail opened by a user, then it is determined whether an unsafewebpage link is contained in the content of the e-mail based on theseinformation, if yes, prompting information may be provided to the userso as to attract the user's attention. In this way, the user will nolonger click the corresponding webpage link according to the promptinginformation, such that the user will not be infringed by maliciouslinks, namely, security in using an e-mail is ensured.

The above is only a summary of the technical solution of the presentinvention. In order to understand the technical measures of the presentinvention more clearly so as to be carried out according to the contentsof the description, and in order to make the above and other purposes,features and advantages of the present invention more obvious and easilyunderstood, specific embodiments of the present invention will beparticularly listed as follows.

BRIEF DESCRIPTION OF THE DRAWINGS

By reading the detailed description of the preferred embodimentshereinbelow, various other advantages and benefits will be clear for theordinary skilled person in the art. The drawings are only used for thepurpose of showing the preferred embodiments, while not regarded aslimitations to the present invention. Moreover, the same reference signrepresents the same component in the whole drawings. In the drawings:

FIG. 1 schematically shows a flow chart of a method provided accordingto an embodiment of the present invention;

FIG. 2 shows a schematic view of a device provided according to anembodiment of the present invention;

FIG. 3 schematically shows a block view of a server for performing amethod according to the present invention; and

FIG. 4 schematically shows a storage unit for storing or carrying aprogram code carrying out a method according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Next, the present invention will be described further in combinationwith the drawings and specific embodiments.

Referring to FIG. 1, a method for prompting information about an e-mailprovided by an embodiment of the present invention comprises the stepsof:

S101: extracting information from a currently opened e-mail;

in the embodiment of the present invention, with respect to a currentlyopened e-mail by the user, it is detected whether an unsafe webpage linkis contained in the content of the e-mail. Wherein the currently openede-mail may be an e-mail that is currently in focus, i.e., an e-mailbeing currently displayed in a current user interface, and may alsocomprise other e-mail that has been opened currently but not in focusyet. Specifically, when a currently opened e-mail is learnt, the mannerof based on event response can be used, for example, an event that auser clicks a certain e-mail can be monitored, when the occurrence ofthe event is monitored, it can be learnt that the user opens a certaine-mail. More specific carrying out manners may be represented in thefollowing introductions.

S102: determining whether an unsafe webpage link is contained in contentof a current opened e-mail according to the extracted information;

When determining whether an unsafe webpage link is contained in thecontent of an e-mail specifically, there may be various ways forcarrying it out based on the different extracted information, forexample, in one of the ways, a webpage link contained in the content ofthe e-mail may be extracted firstly, then security of the webpage linkis detected, so as to determine whether an unsafe webpage link iscontained in the content of the e-mail according to the detectionresult; or the title and/or sender information (which may include thee-mail address, name etc. of the sender) of the currently opened e-mailmay be extracted, then it is determined whether the tile and/or senderinformation appears in a preset blacklist (this blacklist may beobtained in advance through various approaches, and can be updatedduring the process of carrying out the embodiments of the presentinvention, what is recorded therein is that an unsafe link is containedin the content of the e-mail as for a specific e-mail title and/orsender information), if yes, it is determined that a safe webpage linkis contained in the content of the currently opened e-mail; of course,the preceding two ways may also be combined, for example, the e-mailtitle and/or the sender information may be extracted firstly, then it isdetermined whether the e-mail title and/or the sender informationappears in a preset blacklist, if not, a webpage link contained in thecontent of the e-mail may be further extracted, then the security of thewebpage link is detected, so as to determine whether an unsafe webpagelink is contained in the content of the e-mail according to thedetection result, here, if the detection result show that an unsafewebpage link is indeed contained in the content of the e-mail, thee-mail title and/or the sender information of the e-mail may be furtheradded into the blacklist, such that the blacklist is updated. Inspecific implementation, how to extract required information from ane-mail is an important content, which will be introduced in detail next.

In actual applications, a mailbox generally comprises a webpage mailboxand a client mailbox, wherein the webpage mailbox is namely a mailboxwhich logs in, sends and receives e-mails, as well as reads e-mailsthrough a webpage, for example, the commonly used NetEase mailbox etc.The client mailbox refers to a tool software such as Foxmail, Outlooketc., the e-mails can be received at a local computer by using a mailclient, the e-mails can still be read offline. In the embodiment of thepresent invention, the webpage link, e-mail title and/or senderinformation contained in the content of an e-mail can be extracted indifferent ways respectively with respect to the webpage mailbox and theclient mailbox.

Firstly, regarding the webpage mailbox, since the e-mail in the webpagemailbox corresponds to a webpage, moreover, the user opens the log-inpage of the webpage mailbox through a browser, the contents includingthe folder list (e.g. inbox, outbox, sent box etc.) in the mailbox aredisplayed through the browser page after successful log-in, after acertain folder is clicked, an e-mail list contained therein will bedisplayed, then a certain e-mail can be opened by clicking and selectingthe e-mail from the e-mail list, the text content of the e-mail will bedisplayed in the webpage. Therefore, corresponding functions can beimplemented by adding new functions for the browser or providing abrowser plug-in.

In addition, Browser Helper Object (BHO) is an industry standard for thebrowser to open an interactive interface to a third party programmer,the “interactive interface” in the browser field can be entered onlythrough simple codes. The programmers can write codes through thisinterface to acquire behaviors of the browser, such as “backward”,“forward”, “current page” etc., the programmers can also control thebrowser behaviors with the codes, such as modifying and replacing thetool bar of the browser, adding their own program buttons etc., there isno problem for the operation system. The former purposes of BHO are tohelp the programmers to create individualized browsers and to providemore simple interactive functions for the programs, many individualizedtools at present are carried out by using BHO.

Therefore, in the embodiment of the present invention, the BHO may alsobe used to achieve the aim of extracting a webpage link contained in thecontent of an e-mail. For example, a core module of a certain securitytool as the BHO of the browser can perform filtering processing inresponse to various events generated in operation of the browser by theuser. When the user logs in a webpage mailbox, a mail protection modulecan receive OnDocumentComplete event of the BHO, verify the URL of thecurrent address bar of the browser, and enter the logic of processingthe mail content if it is found that it is the webpage mail URL to beconcerned.

When analyzing the content of an e-mail, since it may be performed aftera user opens a certain e-mail and the text content of the e-mail isdisplayed in the webpage, here the text content is a subwebpage of thecurrent webpage, hence, the Hypertext Markup Language (HTML) code of thewebpage where the e-mail locates can be acquired, and then the HTML codeof the webpage where the e-mail locates can be parsed based on the modeof a document object model (DOM) tree, in this way, the text content ofthe e-mail can be acquired, then, since the presentation of a webpagelink in the page always exist in the form of a hyperlink, the targetaddress of the webpage link (i.e., the URL of the target webpage towhich the webpage link corresponds) can be acquired by an ApplicationProgramming Interface (API) function (e.g. GetURL) provided by theoperation system, this is namely equivalent to extracting the webpagelink contained therein. Of source, the title and/or the senderinformation of the e-mail can also be extracted by parsing the HTML codeif necessary.

It needs to be explained here that the HTML DOM is a document objectmodel that is specifically applicable for HTML/XTML. The HTML DOM can beunderstood as an API of the webpage. It loads all the data into thememory in a node hierarchies of Parent-Child to constitute a tree, thesenodes may be in types of elements, texts, attributes, annotations orothers. It allows the developer to read, create, delete and edit the HMLdata. That is to say, as for the webpage displayed after an e-mail isopened, the frame portion (including the folder list, title of thee-mail, sender address, receiver address, sending time and operationbuttons of return, response, deletion etc.) displayed in the webpage aswell as the text content of the e-mail are all regarded as nodes in theDOM tree. Hence, the desired information can be namely acquired byanalyzing respective nodes in the DOM tree.

In specific implementation, the manner of traversing each node may beadopted to search information that matches with the key words (forexample, taking “title” as the key word when it is required to acquirethe title of the e-mail, etc.), however, this is time consuming and mayoccupy many resources. Therefore, in the embodiments of the presentinvention, another implementing manner may be adopted. Specifically, inan e-mail page, the nodes in the DOM tree to which the page elementcorresponds generally have some features, such features refer to thename, ID, style type of the self element or the adjacent element in theDOM tree, as well as the relationship with the adjacent element, etc.,for example, the title of the e-mail, the sender and so on may be fixedas the Mth node in the Nth layer of the DOM tree, etc., hence, when itis required to acquire certain information, the node can be founddirectly based on the node feature of the information in the DOM tree,and the corresponding information can be extracted. Of course, as fordifferent webpage mailboxes, the node features of the page elementsthereof in the DOM tree may be different, for example, as for a certainwebpage mailbox, its e-mail title is the fourth node in the third layerof the DOM tree, while as for another webpage mailbox, its e-mail titleis the second node in the fourth layer, etc. Therefore, with respect todifferent webpage mailboxes, it is further required to acquire the nodefeatures of the webpage elements thereof in the DOM tree, and then storethem respectively, specifically when acquiring the required informationbased on the node features, it should be determined firstly what thecurrent webpage mailbox is, then it is queried the node feature of thewebpage element of the webpage mailbox in the DOM tree.

The conditions of the webpage mailboxes have been introduced above,next, the conditions of the client mailboxes will be introduced. As fora client mailbox, since it does not rely on a browser to exhibit thecontent of the e-mail, the above manner of BHO cannot be used, however,the embodiment of the present invention also provides correspondingimplementing manners. Specifically, it may become a plug-in of theclient mailbox by registration, and extract the content of the e-mailcurrently clicked and selected by the user corresponding toOnSelectionChange event. Specifically, when the user clicks and selectsa certain e-mail, the data package to which the e-mail corresponds canbe acquired, then the webpage link contained in the text content of isextracted by analyzing the data package. Wherein as for the data packageof the e-mail, different data formats e.g. including TXT, RTF, HTMLetc., may be used in different client mailboxes or different e-mailtexts, and the code to which each format correspond is described in adifferent form, which also needs to be parsed through a correspondingparsing algorithm, however, the URL features contained therein are thesame. Therefore, when it is required to extract a webpage link from thedata package, the data format of the text content of the e-mail can beacquired through a Software Development Kit (SDK) function firstly, thenthe text content of the e-mail is read from the data package using acorresponding parsing algorithm based on the data format, and then it isprocessed as a TXT file, the character strings therein are parsed,character strings with features of being started with “http://” andfollowed by a valid domain name character string, or being started with“www” and being a valid domain name character string contained thereinare searched, in this way, the URL data to which the webpage linkcorresponds can be extracted. In addition, if it is required to extractthe title or the sender information of the e-mail, it can also beimplemented through the SDK function.

Wherein, as stated above, the text content of the e-mail in the clientmailbox needs to be read from the data package, thereby extracting thewebpage link from the read characters; while as for the webpage linkcontained in the text content of the e-mail, when it is exhibited to theuser, the anchor text of the webpage link might be a sentence, evenmight be a picture link etc., namely, what the user sees directly at thewebpage link might not be the URL of the webpage to which the webpagelink corresponds, instead, it is a sentence (generally with underlines,when the mouse cursor is placed on it, it may become “hand shape”) or apicture, but when the user clicks this sentence or picture, the webpageto which the link corresponds will be opened; and the data package notonly contains the anchor text, picture etc., of the link, but alsocontains the URL of the webpage to which the webpage link corresponds.Hence, when reading the text content of the webpage from the datapackage, the read content has actually contained the URL of the webpageto which the webpage link corresponds. Therefore, the webpage linkcontained in the webpage content can be read based on the features ofthe URL character string.

Specifically, when detecting security of the webpage link, it can bedetected based on a preset database. For example, a malicious websitelibrary is preset, which contains malicious websites recorded throughvarious approaches. Hence, after extracting the webpage link from thecontent of the e-mail, the extracted webpage link can be compared withthe websites in the malicious website library to determine whether itcomes up in the malicious website library, if yes, it will be determinedthat the webpage link is unsafe; if not, the webpage link can also besent to the server for further detection. Wherein static features (e.g.,comprising which webpage elements etc.) in the webpage to which thewebpage link corresponds can be extracted at the server, the security ofthe webpage is determined through the static features; or the webpage towhich the webpage link corresponds can be opened in the sandbox, dynamicfeatures (e.g. whether a certain script is run automatically etc.) ofthe webpage are extracted, the security of the webpage is determinedthrough the static features, etc. In a word, the server can adopt themethods in the prior art to detect security of the webpage, which willnot be elaborated here.

S103: if yes, providing security prompting information to a user.

Specifically, when providing security prompting information to a user,the manners of popping bubbles can be used. For example, after the userclicks and selects a certain e-mail, if it is detected that an unsafewebpage link is contained in the text content of the e-mail, bubbles maypopped out at the lower right corner etc., and the wordings such as“this e-mail contains an unsafe webpage link” may be presented, it mayalso prompt which webpage link is unsafe specifically. In this way, ifthe prompting information is noticed, the webpage link will not beclicked any more, thus the infringement of malicious information will beavoided.

Of course, if the title and/or sender information of the e-mail is alsoextracted at the same time, the corresponding title and/or senderinformation of the e-mail can also be recorded when a certain webpagelink is detected unsafe, the blacklist can be updated and uploaded tothe server. In this way, when it is required to determine whether othere-mails of the user contain unsafe webpage links, or to determinewhether e-mails of other users contain unsafe webpage links, it can bedetermined firstly whether the extracted title and/or sender informationof the e-mail appears in the blacklist, if yes, the user will beprompted directly, without needing to extract the link contained thereinnor performing the subsequent security detection operation, thus theprocessing efficiency can be improved. Wherein, regarding the abovemanner of confirming through the blacklist, the blacklist can be storedat the Cloud, after the title and/or sender information of the e-mailare extracted, they can be sent to the Cloud for query; when a newe-mail containing an unsafe webpage link is detected in the manner oflink detection, the title and/or sender information of the newlydetected e-mail can be sent to the Cloud, the blacklist will be updatedat the Cloud, such that the blacklist used in each comparison is in thelatest state. Of course, in order to reduce occupation of bandwidth bydata transmission and improve processing efficiency, the blacklist canalso be downloaded to the local to perform comparison, meanwhile, it canalso be updated periodically or aperiodically from the Cloud, etc.

In addition, it needs to be explained that as for the client mailbox,since the corresponding functions can be implemented in the form of aplug-in, in specific implementation, the data processing manner inasynchronization with the client e-mail can be used, namely, performingoperations such as link extraction, detection etc., in an independentthread, at the same time of performing these operations, the clientmailbox can respond to other operations of the user, thus the processingspeed of the client mailbox itself will not be influenced. In addition,the plug-in in the embodiments of the present invention can use anevent-based startup manner, i.e., the operations of extraction anddetection etc. will not be performed unless the user clicks and selectsa certain e-mail, hence, the startup speed of the client mailbox willnot be influenced either.

By means of the above method provided by the embodiment of the presentinvention, some information can be extracted from the e-mail opened bythe user, then it is determined whether the e-mail contains an unsafewebpage link based on these information, if yes, prompting informationcan be provided to the user so as to attract the user's attention. Inthis way, the user will not click the corresponding webpage link anymore based on the prompting information, thus the user will not beinfringed by the malicious link, namely, the security in using an e-mailis ensured.

Corresponding to a method for prompting information about an e-mailprovided by the embodiment of the present invention, the embodiment ofthe present invention further provides a device for promptinginformation about an e-mail, referring to FIG. 2, the device maycomprise:

an information extracting unit 201 configured to extract informationfrom a currently opened e-mail;

a determining unit 202 configured to determine whether an unsafe webpagelink is contained in content of a currently opened e-mail according tothe extracted information;

a prompting unit 203 configured to, if yes, provide security promptinginformation to a user;

wherein the information extracting unit 201 may comprise:

a link extracting subunit configured to extract a webpage link containedin content of an e-mail;

correspondingly, the determining unit 202 may comprise:

a security detecting subunit configured to detect security of thewebpage link, so as to determine whether an unsafe webpage link iscontained in the content of the e-mail according to the detectionresult.

Or, the information extracting unit 201 may also comprise:

an e-mail title and/or sender information extracting subunit configuredto extract an e-mail title and/or sender information of a currentlyopened e-mail;

correspondingly, the determining unit 202 may comprise:

a list comparison subunit configured to determine whether the e-mailtitle and/or sender information appears in a preset blacklist, if yes,it is determined that a safe webpage link is contained in the content ofthe currently opened e-mail.

Or, the above two manners are combined, if the e-mail title and/orsender information does not appear in a preset blacklist, theinformation extracting unit 201 may further comprise:

a link extracting subunit configured to extract a webpage link containedin content of an e-mail;

correspondingly, the determining unit 202 may further comprise:

a security detecting subunit configured to detect security of thewebpage link, so as to determine whether an unsafe webpage link iscontained in the content of the e-mail according to the detectionresult.

Wherein the e-mail comprises an e-mail in a webpage mailbox opened by auser, the link extracting subunit comprises:

a first text content extracting subunit configured to parse a HypertextMarkup Language (HTML) code of a webpage where the e-mail locates basedon a Document Object Model (DOM) tree, so as to extract text content ofthe e-mail therefrom;

a first link extracting subunit configured to extract from the textcontent of the e-mail a webpage link contained therein by using anApplication Programming Interface (API) function provided by anoperation system.

In specific implementation, the first text content extracting subunitmay comprise:

a parsing subunit configured to parse the HTML code of the webpage wherethe e-mail location based on the DOM tree according to a preset nodefeature of a webpage element of the current webpage mailbox in the DOMtree.

Wherein the e-mail may further comprise an e-mail in a client mailboxopened by a user, the link extracting subunit comprises:

a data package and data format acquiring subunit configured to acquire adata package and a data format of the e-mail according to a SoftwareDevelopment Kit (SDK) function;

a second text content extracting unit configured to read the textcontent of an e-mail from the data package according to the data format;

a second link extracting subunit configured to parse a character stringcontained in the text content so as to extract a webpage link from thetext content according to a character string feature to which a presetwebpage link corresponds.

Wherein, in order to avoid influence to normal processing of the clientmailbox, said functions may be implemented by using a plug-in of theclient mailbox, the plug-in uses a data processing manner inasynchronization with the client mailbox.

In order to update the blacklist, the device may further comprise:

a blacklist updating unit configured to add the title and/or senderinformation of an e-mail into the blacklist if the detection resultshows that an unsafe webpage link is contained in the content of thee-mail.

By means of the above device provided by the embodiment of the presentinvention, some information can be extracted from the e-mail opened bythe user, then it is determined whether the e-mail contains an unsafewebpage link based on these information, if yes, prompting informationcan be provided to the user so as to attract the user's attention. Inthis way, the user will not click the corresponding webpage link anymore based on the prompting information, thus the user will not beinfringed by the malicious link, namely, the security in using an e-mailis ensured.

The embodiments of respective components of the present invention can becarried out in hardware, or in software modules run on one or moreprocessors, or in the combination thereof. The skilled person in the artshould understand that a microprocessor or a digital signal processor(DSP) can be used in practice to implement some or all functions of someor all components in the device for prompting information about ane-mail according to the embodiment of the present invention. The presentinvention can also be carried out as part or all of the device or deviceprogram (e.g., computer program and computer program product) forperforming the method described here. Such a program for carrying outthe present invention can be stored on a computer readable medium, ormay have the form of one or more signals. Such signals can be downloadedfrom the internet website, or be provided on a carrier signal, or beprovided in any other forms.

For example, FIG. 3 shows a server that can carry out a method forprompting information about an e-mail according to the presentinvention, e.g., an application server. The server conventionallycomprises a processor 310 and a computer program product or a computerreadable medium in the form of memory 320. The memory 320 may be anelectronic memory such as a flash memory, an EEPROM (electricallyerasable programmable read-only memory), an EPROM, a hard disk or a ROMand the like. The memory 320 has a memory space 330 of a program code331 for performing any method steps in the above method. For example,the memory space 330 for the program code may comprise respectiveprogram codes 331 for carrying out respective steps in the above methodrespectively. These program codes can be read from or written into oneor more computer program products. These computer program productsinclude program code carriers such as hard disks, compact disks (CD),memory cards or floppy disks and the like. Such computer programproducts are generally portable or fixed memory units as shown in FIG.4. The memory unit can have a memory segment, a memory space etc.arranged similarly as the memory 320 in the server of FIG. 3. Theprogram code may be compressed for example in an appropriate form.Generally, the memory unit comprises a computer readable code 331′,i.e., a code that can be read by e.g. a processor such as 310 and thelike, when these codes are run by the server, the server performsrespective steps in the method described above.

The so-called “an embodiment” “embodiments” or “one or more embodiments”in this text means that the specific features, structures orcharacteristics described in combination with the embodiments arecomprised in at least one embodiment of the present invention. Inaddition, please note that the word example of “in an embodiment” heredoes not always refer to the same embodiment.

In the description provided here, large amount of specific details areexplained. However, it can be understood that the embodiments of thepresent invention can be practiced without these specific details. Insome examples, the well known method, structure and technology are notshown specifically, so as not to make the understanding to thedescription ambiguous.

It should be noted that the above embodiments are explanations to thepresent invention rather than limitations to the present invention,moreover, the skilled person in the art can design alternativeembodiments without departing from the scope of the attached claims. Inthe claims, any reference signs located between parentheses should notbe taken as limitations to the claims. The word “comprise” does notexclude elements or steps not listed in the claims. The word “a” or “an”before the element does not exclude multiple such elements. The presentinvention can be carried out by means of hardware comprising severaldifferent elements and by means of an appropriately programmed computer.In a unit claim in which several means are listed, several of thesemeans may be embodied by the same hardware item. The use of the wordslike first, second and third etc. does not represent any order. Thesewords can be explained as names.

In addition, it should also be noted that the language used in thisdescription is selected mainly for the purpose of readability andteaching, rather than for explaining or defining the subject matter ofthe present invention. Therefore, many modifications and variations areobvious for the ordinary skilled person in the art without departingfrom the scope and spirit of the attached Claims. As for the scope ofthe present invention, the disclosure made to the present invention isillustrative rather than limitative, the scope of the present inventionis defined by the attached Claims.

The invention claimed is:
 1. A method for prompting information about ane-mail, comprising: extracting information from one of a currentlyopened e-mail in a webpage mailbox opened by a user or a currentlyopened e-mail in a client mailbox opened by the user, the extractinginformation comprising one of: (1) when the e-mail comprises the e-mailin the webpage mailbox opened by the user, parsing Hypertext MarkupLanguage (HTML) code of the webpage providing the e-mail based on aDocument Object Model (DOM) tree, directly finding a node in the DOMtree according to a preset node feature of the node in the DOM tree, andextracting the information from a webpage element corresponding to thenode, wherein the preset node feature comprising the webpage element isan Mth node in an Nth layer of the DOM tree in a current webpage andcomprises an e-mail title and/or sender information of the currentlyopened e-mail, each particular webpage mailbox having a differentcorresponding preset node feature with a different Mth node in an Nthlayer of the DOM tree that is determined; or (2) when the e-mailcomprises the e-mail in the client mailbox opened by the user, acquiringa data package and a data format of the e-mail according to a softwaredevelopment kit (SDK) function, and extracting the information of thee-mail from the data package according to the data format; according tothe extracted information, determining whether an unsafe webpage link iscontained in content of the currently opened e-mail; and when the unsafewebpage link is contained in the content of the currently opened e-mail,providing security prompting information to the user.
 2. The methodaccording to claim 1, wherein extracting information from the currentlyopened e-mail comprises: extracting the webpage link contained in thecontent of the e-mail; and, determining whether the unsafe webpage linkis contained in the content of the currently opened e-mail according tothe extracted information comprises: detecting security of the webpagelink, to determine whether the unsafe webpage link is contained incontent of the e-mail according to the detection result.
 3. The methodaccording to claim 1, wherein extracting information from the currentlyopened e-mail comprises: extracting the e-mail title and/or senderinformation of the currently opened e-mail; and, the determining whetherthe unsafe webpage link is contained in content of the currently openede-mail comprises: determining whether the e-mail title and/or the senderinformation appears in a preset blacklist, if yes, it is determined thatthe unsafe webpage link is contained in the content of the currentlyopened e-mail.
 4. The method according to claim 3, wherein if the e-mailtitle and/or the sender information does not appear in the presetblacklist, extracting information from the currently opened e-mailfurther comprises: extracting the webpage link contained in the contentof the e-mail; and, determining whether the unsafe webpage link iscontained in the content of the currently opened e-mail furthercomprises: detecting security of the webpage link, to determine whetherthe unsafe webpage link is contained in the content of the e-mailaccording to the detection result.
 5. The method according to claim 2,wherein the e-mail comprises the e-mail in the webpage mailbox opened bythe user, and the extracting the webpage link contained in the contentof the e-mail comprises: extracting text content of the e-mail; andextracting from the text content of the e-mail the webpage linkcontained therein using an Application Programming Interface (API)function provided by an operating system.
 6. The method according toclaim 2, wherein the e-mail comprises the e-mail in the client mailboxopened by the user, and extracting the webpage link contained in textcontent of the e-mail comprises: reading the text content of the e-mail;and parsing a character string contained in the text content, to extractthe webpage link from the text content according to a preset characterstring feature to which a webpage link corresponds.
 7. The methodaccording to claim 6, the method executed by a plug-in of the clientmailbox, the plug-in performing data processing in asynchronization withthe client mailbox.
 8. The method according to claim 4, furthercomprising: adding the title and/or the sender information of the e-mailinto a blacklist if the detection result shows that the unsafe webpagelink is contained in the content of the e-mail.
 9. A device forprompting information about an e-mail, comprising: a memory havinginstructions stored thereon; a processor configured to execute theinstructions to perform operations for prompting information about ane-mail, the operations comprising: extracting information, from one of acurrently opened e-mail in a webpage mailbox opened by a user or acurrently opened e-mail in a client mailbox opened by the user, theextracting information comprising one of: (1) when the e-mail comprisesthe e-mail in the webpage mailbox opened by the user, parsing HypertextMarkup Language (HTML) code of the webpage providing the e-mail based ona Document Object Model (DOM) tree, directly finding a node in the DOMtree according to a preset node feature of the node in the DOM tree, andextracting the information from a webpage element corresponding to thenode, wherein the preset node feature comprising the webpage element isan Mth node in an Nth layer of the DOM tree in a current webpage andcomprises an e-mail title and/or sender information of the currentlyopened e-mail, each particular webpage mailbox having a differentcorresponding preset node feature with a different Mth node in an Nthlayer of the DOM tree that is determined; or (2) when the e-mailcomprises the e-mail in the client mailbox opened by the user, acquiringa data package and a data format of the e-mail according to a softwaredevelopment kit (SDK) function, and extracting the information of thee-mail from the data package according to the data format; determiningwhether an unsafe webpage link is contained in content of the currentlyopened e-mail according to the extracted information; and when theunsafe webpage link is contained in the content of the currently openede-mail, providing security prompting information to the user.
 10. Thedevice according to claim 9, wherein extracting information from thecurrently opened e-mail comprises: extracting the webpage link containedin the content of the e-mail; and, the determining whether the unsafewebpage link is contained in the content of the currently opened e-mailaccording to the extracted information comprises: detecting security ofthe webpage link, to determine whether the unsafe webpage link iscontained in the content of the e-mail according to the detectionresult.
 11. The device according to claim 9, wherein the extractinginformation from the currently opened e-mail comprises: extracting thee-mail title and/or sender information of a currently opened e-mail;and, the determining whether the unsafe webpage link is contained incontent of the currently opened e-mail comprises: determining whetherthe e-mail title and/or sender information appears in a presetblacklist, if yes, determining that the unsafe webpage link is containedin the content of the currently opened e-mail.
 12. The device accordingto claim 11, wherein if the e-mail title and/or the sender informationdoes not appear in the preset blacklist, extracting information from thecurrently opened e-mail further comprises: extracting the webpage linkcontained in the content of the e-mail; and, the determining whether theunsafe webpage link is contained in the content of the currently openede-mail further comprises: detecting security of the webpage link, todetermine whether the unsafe webpage link is contained in the content ofthe e-mail according to the detection result.
 13. The device accordingto claim 10, wherein the e-mail comprises the e-mail in the webpagemailbox opened by the user, the extracting the webpage link contained inthe content of the e-mail comprises: extracting text content of thee-mail; and extracting from the text content of the e-mail, the webpagelink contained therein using an Application Programming Interface (API)function provided by an operating system.
 14. The device according toclaim 10, wherein the e-mail comprises the e-mail in the client mailboxopened by the user, the extracting the webpage link contained in thetext content of the e-mail comprises: reading text content of thee-mail; and parsing a character string contained in the text content, toextract the webpage link from the text content according to a presetcharacter string feature to which a webpage link corresponds.
 15. Thedevice according to claim 14, the operations executed by a plug-in ofthe client mailbox, the plug-in performing data processing inasynchronization with the client mailbox.
 16. The device according toclaim 12, the operations for prompting information about the e-mailfurther comprising: adding the e-mail title and/or sender informationinto the blacklist if the detection result shows that the unsafe webpagelink is contained in the content of the e-mail.
 17. A non-transitorycomputer readable medium, comprising computer readable code, that whenexecuted by a computing device causes the device to carry out operationsfor prompting information about an e-mail, the operations comprising:extracting information from one of a currently opened e-mail in awebpage mailbox opened by a user or a currently opened e-mail in aclient mailbox opened by the user, the extracting information comprisingone of: (1) when the e-mail comprises the e-mail in the webpage mailboxopened by the user, parsing Hypertext Markup Language (HTML) code of thewebpage providing the e-mail based on a Document Object Model (DOM)tree, directly finding a node in the DOM tree according to a preset nodefeature of the node in the DOM tree, and extracting the information froma webpage element corresponding to the node, wherein the preset nodefeature comprising the webpage element is an Mth node in an Nth layer ofthe DOM tree in a current webpage and comprises an e-mail title and/orsender information of the currently opened e-mail, each particularwebpage mailbox having a different corresponding preset node featurewith a different Mth node in an Nth layer of the DOM tree that isdetermined; or (2) when the e-mail comprises the e-mail in the clientmailbox opened by the user, acquiring a data package and a data formatof the e-mail according to a software development kit (SDK) function,and extracting the information of the e-mail from the data packageaccording to the data format; according to the extracted information,determining whether an unsafe webpage link is contained in content ofthe currently opened e-mail; and when the unsafe webpage link iscontained in the content of the currently opened e-mail, providingsecurity prompting information to the user.